projects / arvados.git / blobdiff
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
19215: Much installer documentation and reorganization
[arvados.git] / doc / _includes / _multi_host_install_custom_certificates.liquid
diff --git a/doc/_includes/_multi_host_install_custom_certificates.liquid b/doc/_includes/_multi_host_install_custom_certificates.liquid
index 40d24449f00fbf56e5c1dcfd43ac1a3d04110159..7063eb28fbf04924bd0f3b989757129ecd4ac298 100644 (file)
--- a/doc/_includes/_multi_host_install_custom_certificates.liquid
+++ b/doc/_includes/_multi_host_install_custom_certificates.liquid
@@ -4,9 +4,9 @@ Copyright (C) The Arvados Authors. All rights reserved.
 SPDX-License-Identifier: CC-BY-SA-3.0
 {% endcomment %}
 
-You will need certificates for each DNS name and DNS wildcard previously described in the "Hosts":#hosts .
+You will need certificates for each DNS name and DNS wildcard previously listed in the "DNS hostnames for each service":#DNS .
 
-To simplify certificate management, we recommend creating a single certificate with all of the hostnames, or creating a wildcard certificate that covers all possible hostnames (with the following patterns in subjectAltName):
+To simplify certificate management, we recommend creating a single certificate for all of the hostnames, or creating a wildcard certificate that covers all possible hostnames (with the following patterns in subjectAltName):
 
 <pre>
 xarv1.example.com
@@ -21,15 +21,15 @@ Copy your certificates to the directory specified with the variable @CUSTOM_CERT
 The script expects cert/key files with these basenames (matching the role except for <i>keepweb</i>, which is split in both <i>download / collections</i>):
 
 # @controller@
-# @websocket@        # note: corresponds to default domain @ws.${CLUSTER}.${DOMAIN}@
-# @keepproxy@        # note: corresponds to default domain @keep.${CLUSTER}.${DOMAIN}@
-# @download@         # Part of keepweb
-# @collections@      # Part of keepweb -- important note, this should be a wildcard for @*.collections.${CLUSTER}.${DOMAIN}@
+# @websocket@        -- note: corresponds to default domain @ws.${CLUSTER}.${DOMAIN}@
+# @keepproxy@        -- note: corresponds to default domain @keep.${CLUSTER}.${DOMAIN}@
+# @download@         -- Part of keepweb
+# @collections@      -- Part of keepweb, must be a wildcard for @*.collections.${CLUSTER}.${DOMAIN}@
 # @workbench@
 # @workbench2@
 # @webshell@
 
-For example, for the 'keepproxy' service the script will expect to find this certificate:
+For example, for the @keepproxy@ service the script will expect to find this certificate:
 
 <notextile>
 <pre><code>${CUSTOM_CERTS_DIR}/keepproxy.crt
@@ -42,7 +42,10 @@ Make sure that all the FQDNs that you will use for the public-facing application
 Note: because the installer currently looks for a different certificate file for each service, if you use a single certificate, we recommend creating a symlink for each certificate and key file to the primary certificate and key, e.g.
 
 <notextile>
-<pre><code>ln -s xarv1.crt ${CUSTOM_CERTS_DIR}/keepproxy.crt
+<pre><code>ln -s xarv1.crt ${CUSTOM_CERTS_DIR}/controller.crt
+ln -s xarv1.key ${CUSTOM_CERTS_DIR}/controller.key
+ln -s xarv1.crt ${CUSTOM_CERTS_DIR}/keepproxy.crt
 ln -s xarv1.key ${CUSTOM_CERTS_DIR}/keepproxy.key
+...
 </code></pre>
 </notextile>